On Wed, Jan 09, 2013 at 03:08:51PM +0100, Florian Weimer wrote: > I start with the F18 TC3 image, which boots on Secure Boot systems, > replace the boot artwork (which is not cryptographically protected), > the F18 kernel, and use most of the F19 installation environment. > The F18 boot loader and kernel know nothing about image verification > or Authenticode-style executable verification, so it will start any > init I supply. This means that I can start a fake anaconda which > looks just like F19, but does not verify RPM signatures (as before). > At this point, I can put whatever RPMs I want on the installation > media, and they will be installed.
Yes, if you boot an installer that doesn't verify signatures, you won't verify signatures. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
